SQL Query only fetching the first word from a string column - php

<?php
include('common/connect.class.php');
include('common/admin.class.php');
session_start();
$user = $_SESSION['user'];
$con2 = new connection();
$con = $con2->connect();
$sql = "SELECT * FROM xam_category"; //Select Query
$myData = mysql_query($sql,$con) or die(mysql_error());;
echo "<table align='center'>
<tr>
<th>Category name</th>
<th>Category Description</th>
</tr>";
while($record = mysql_fetch_array($myData))
{
echo "<form action=user_book.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text size=10 readonly='true' name=usrname value=" . $record['category_name'] . " </td>";
echo "<td>" . "<input type=text size=15 readonly='true' name=usrmail value=" . $record['category_desc'] . " </td>";
echo "<td>" . "<input type=submit name=delete value=DELETE" . " </td>";
echo "<td>" . "<input type=submit name=update value=UPDATE" . " </td>";
echo "</tr>";
echo "</form>";
}
mysql_close($con);
echo "</table>";
?>
My SELECT query and data fetching are working fine. But when I echo the fetched data, it only shows the first word "Computer" where its actual value is "Computer Science".
The data stored in the database, viewed through phpMyAdmin, seems OK. But
the data shown on the .php page is different and not OK.
I'm stuck.
How do I display the right string from the MySQL database on the PHP page?
Note: I'm using HTML inside echo to loop and display all data. Sorry, I have to use mysql() functions; I couldn't do mysqli(). I also viewed other questions of the same type on Stack Overflow, but couldn't find a solution.

If you have a value with a space in it, you must enclose that value within quotes in your HTML. Try with
echo "<td><input type=text size=10 readonly='true' name='usrname' value='".$record['category_name']."'></td>";

Try to use mysql_fetch_assoc instead of mysql_fetch_array if you would like to access a variable like $record['category_name'].
Please read this article: mysql_fetch_row() vs mysql_fetch_assoc() vs mysql_fetch_array()
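
Added example, not part of the original posts: why the unquoted attribute in the question drops everything after the first space, and how quoting plus htmlspecialchars() with ENT_QUOTES keeps spaces, apostrophes and double quotes inside the value. It goes beyond the space case in the question; the helper names (attr, input_unquoted, input_encoded) and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Encode a value for use inside a quoted HTML attribute.
// ENT_QUOTES covers both ' and ", so the value cannot close either quoting style.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The question's pattern: attribute value neither quoted nor encoded.
function input_unquoted(string $name, string $value): string
{
    return "<input type=text name=$name value=$value>";
}

// Quoted and encoded: the whole string stays inside value="...".
function input_encoded(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Constructed sample values standing in for category_name column contents.
$samples = [
    'Computer Science',          // space: the browser reads value=Computer plus an attribute "Science"
    "Children's Books",          // apostrophe: would end a value='...' attribute early
    'Arts" data-injected="1',    // double quote: would add an attribute to value="..."
    'Maths <advanced> & more',   // markup characters
];

foreach ($samples as $value) {
    echo 'unquoted: ', input_unquoted('usrname', $value), "\n";
    echo 'encoded:  ', input_encoded('usrname', $value), "\n\n";
}
```

In HTML a backslash does not escape a quote, so the entity form that htmlspecialchars() emits is what keeps the attribute intact.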

Related

HTML: putting a table in a form

I'm coding an html table that displays information from a MySql table. Each row is a series of input's so the values of the table can be easily updated.
Here's my current code:
<form action=index.php/component/studentmanagement/?task=update method=post>
<table>
<tr>
<th>Name</th>
<th>Email</th>
<th>Program</th>
<th>Class</th>
</tr>
<?php
$db = JFactory::getDBO();
$query = "SELECT * FROM student_management_module";
$db->setQuery($query);
$rows = $db->loadObjectList();
foreach ($rows as &$row) {
echo "<tr>";
echo "<td>" . "<input type=text name=fullName id=name_val value=" .$row->name. "> </td>";
echo "<td>" . "<input type=text name=email id=email_val value=" .$row->email. "> </td>";
echo "<td>" . "<input type=text name=prog id=prog_val value=" .$row->program. "> </td>";
echo "<td>" . "<input type=text name=class id=class_val value=" .$row->class. "> </td>";
echo "<td class = 'headcol'> <input type=submit name=update class='btnupdate' value=update>";
echo "<td>" . "<input type=hidden name=hidden value=" .$row->student_id. "> </td>";
echo "</tr>";
}
?>
</table> </form>
But whenever I try submitting the updated values, they don't get passed to my update functions. Am I putting the table in the form correctly?
Thanks in advance, and I'll appreciate any help.
This is my update function:
<?php
$db = JFactory::getDBO();
$query = "UPDATE student_management_module SET name = '$_POST[fullName]', email = '$_POST[email]', program='$_POST[prog]', class='$_POST[class]' WHERE student_id='$_POST[hidden]'";
$db->setQuery($query);
$db->query();
?>
Try putting the values of the name and id in single or double quotes. I.e., id="class_val". In your case, since you have already inserted the td in a double quote, use single quotes. So it will be "<td class='foo' id='foo' name='foo'></td>".

Being able to delete data from the click of a button on a page which also deletes the data from the database

I have multiple text boxes within a table on my web page, which is populated from a form on my website that users fill out. I have the feature of being able to delete each row as well as edit each row of data displayed on my website. The problem I'm having is that only the last row of the table can be edited/deleted. For example, when I click the delete button on the first row of the table, it deletes the last row for some reason and not the first row. Also, it's the same with the update/edit button: only the last row can be modified and not anything above the last row of the table on my website.
More information:
form_id is the primary key within my database.
My code:
<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='$_POST[name]', form_description='$_POST[description]' WHERE form_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
}
echo "</table>";
?>
Update
Enclose the form element properly:
<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='".$_POST['name']."', form_description='".$_POST['description']."' WHERE form_id='".$_POST['hidden']."';";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='".$_POST['hidden']."';";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
?>
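And for security, it's better to wrap the variable using mysqli_real_escape_string, for example:
// mysqli_real_escape_string() takes the connection as its first argument; $con must be a mysqli link here.
"DELETE FROM form WHERE form_id='".mysqli_real_escape_string($con, $_POST['hidden'])."';";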
But this is another question, here is the thread.
First off, check these potential issues:
You are connecting as root. Not recommended. You should connect as a MySQL user with M.A.D rights on that table (modify, add, delete).
Have you checked the MySQL & system/PHP logs to see if any errors are being reported? Then you can adjust your code based on those errors.
Have you attempted to run the delete statement manually to confirm that it deletes the desired row?
In your code, have you tried using the $sql = DELETE... syntax on your delete statement?

Trying to create an editable HTML table using PHP and mySQL but the table won't update

I'm trying to make an HTML table as a frontend to a MySQL database. The table displays fine and I can type in the edits I want to make to each row of the table, but when I press the submit button the changes aren't actually made. Can anyone see where I'm going wrong?
<?php
include("db.php");
$sql = "SELECT * FROM `artist`";
$result = mysqli_query($conn, $sql);
if (isset($_POST['update'])){
$artID = $_POST['artID'];
$artName = $_POST['artName'];
$key = $_POST['hidden'];
$UpdateQuery = "UPDATE `artist` SET `artID` = '$artID', `artName` = '$artName' WHERE `artist`.`artID` = '$key'";
mysqli_query($conn,$UpdateQuery);
header("Location: {$_SERVER['HTTP_REFERER']}");
exit;
};
echo "<table border='1'>";
echo "<tr>";
echo "<th>ID</th>";
echo "<th>Name</th>";
echo "</tr>";
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
The db.php file simply includes the connection info to the MySQL database and I'm 100% sure there's nothing wrong with it, as it retrieves the table correctly; it just doesn't update.
You are putting the form tag inside tr, which is not allowed; only td are allowed,
so you have to remove that tr from there.
You have to use jQuery, or you can replace the table with some other grid structure so that it looks the same and the form can be placed there as well.
One more suggestion: don't mix the PHP and HTML together; separate them for clean code.
If you do all this, your code will be like this
Your form is being constructed with multiple elements with the same name. When you submit the form it is using the last elements as the values so regardless of the record you want updated the last record is being updated (or throwing an error because of string encapsulation). You should use parameterized queries as well.
So instead of:
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
Use:
if ($result->num_rows > 0) {
// output data of each row
while($row = mysqli_fetch_array($result)) {?>
<form class='artisttable' action ='getartiststable.php' method ='post'>
<tr>
<td><input type='text' name ='artID' value ='<?php echo $row['artID'];?>' /></td>
<td><input type='text' name ='artName' value ='<?php echo $row["artName"];?>' /></td>
<td><input type = 'hidden' name ='hidden' value='<?php echo $row['artID'];?>' /></td>
<td><input type='submit' name ='update' /></td>
</tr>
</form>
<?php } ?>
</table>
So you get a form for each data set. Here's a link on prepared statements with mysqli: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php. You also should update your markup. Tables for formatting aren't the best approach. Your inputs also weren't closed (missing >).
Also this changed artisttable from an id to class because there will be multiples. Update CSS/JS accordingly.

php update script failing to work

Below is the code for a PHP edit script. I am aware it is not protected, as it is an example; however, it doesn't seem to work. From what I can see, syntactically it is OK, but I may be missing something.
The code:
<?php
$connect = mysql_connect("localhost","root","");
if (!$connect){
die("Connection failed:" . mysql_error());
}
mysql_select_db("test",$connect);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE tbl_venues SET venue_id='$_POST[id]', venue_name='$_POST[name]', venue_description ='$_POST[desc]', venue_address ='$_POST[address]', venue_type ='$_POST[type]' WHERE venue_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $connect);
};
$sql = "SELECT * FROM tbl_venues ORDER BY venue_id";
$mydata = mysql_query($sql,$connect);
echo "<table border=1>
<tr>
<th>Venue ID</th>
<th>Venue Name</th>
<th>Venue Description</th>
<th>Venue Address</th>
<th>Venue Type</th>
</tr>";
while($record = mysql_fetch_array($mydata)){
echo"<form action=venuelist.php method=post>";
echo "<tr>";
echo "<td><input type='text' name='id' value='" . $record['venue_id'] . "'> </td>";
echo "<td><input type='text' name='name' value='" . $record['venue_name'] . "'> </td>";
echo "<td><input type='text' name='desc' value='" . $record['venue_description'] . "'> </td>";
echo "<td><input type='text' name='address' value='" . $record['venue_adress'] . "'> </td>";
echo "<td><input type='text' name='type' value='" . $record['venue_type'] . "'> </td>";
echo "<td><input type='hidden' name='hidden' value='" . $record['venue_id'] . "'> </td>";
echo "<td><input type='submit' name='update' value='update' " . "'> </td>";
echo "</form>";
}
echo "</table>";
mysql_close($connect);
?>
It displays the data, proving it's not a connection issue; however, the data stops showing when an apostrophe is present in the row. The main issue is it refuses to update the field.
Any suggestions? Thanks
If the value includes an apostrophe it will break the html.
e.g. Your rendered html will look something like this:
<input type='hidden' name='hidden' value='it's a problem'>
Most frameworks will automatically prevent issues like this by automatically escaping problematic characters so you don't need to do it manually. (e.g. CakePHP and many others)
Here's a method for escaping single quotes in your output. It uses the php function str_replace.
$myString = "testing 'this' is a problem";
$myString = str_replace('\'', '\\\'', $myString);
echo $myString;
As far as how to remove those single quotes on the way into the database, take a look at prepared statements. It's a reliable way to protect your database from SQL injection. In particular take a look at this canonical question and answer on the topic. Your update statement is not working because single quotes break the SQL query. So you'll have to deal with those some way, and prepared statements is the best practice there.
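
Added example, not code from the posts above: the UPDATE from this thread written as a prepared statement, which is what the answers here and in the editable-table thread recommend, so an apostrophe in a value neither breaks the query nor alters it. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; update_venue() and the sample rows and POST arrays are constructed, while tbl_venues, venue_id and venue_name come from the question.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL so the example runs offline (assumption).
// With MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=test;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_venues (venue_id INTEGER PRIMARY KEY, venue_name TEXT)');
$pdo->exec("INSERT INTO tbl_venues (venue_id, venue_name) VALUES (1, 'Town Hall'), (2, 'Old Mill')");

// Hypothetical helper: update one venue from a POST-style array, return rows changed.
function update_venue(PDO $pdo, array $post): int
{
    // The hidden row key must be a positive integer; anything else is rejected.
    $id = filter_var($post['hidden'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('UPDATE tbl_venues SET venue_name = :name WHERE venue_id = :id');
    $stmt->execute([':name' => (string) ($post['name'] ?? ''), ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed requests: an apostrophe in the name, then a tampered hidden field.
$requests = [
    ['hidden' => '1', 'name' => "St. Mary's Hall", 'update' => 'update'],
    ['hidden' => "2' OR '1'='1", 'name' => 'changed everywhere', 'update' => 'update'],
];
foreach ($requests as $post) {
    printf("hidden=%s -> %d row(s) updated\n", $post['hidden'], update_venue($pdo, $post));
}

// Show the table afterwards: only row 1 carries the new name, apostrophe intact.
foreach ($pdo->query('SELECT venue_id, venue_name FROM tbl_venues ORDER BY venue_id') as $row) {
    printf("%d: %s\n", $row['venue_id'], $row['venue_name']);
}
```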

how to update specific user ? update.php

Below is my update.php code. However, I am looking for code to update a specific user. For example:
Search Id: ___________ [search]
If the user wants to search id details for id : 11
Then update.php will open a page that can update the details for id 11.
For my code, it is not specific.
Hope someone can help me please.
update.php
<center>
<h1><u>Library Database</u></h1>
</center>
<?php
$con = mysql_connect("localhost","root","");
if(!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("c_database",$con);
if(isset($_POST['update'])){
$UpdateQuery="UPDATE myaduan SET id='$_POST[id]', nama_pengadu='$_POST[nama_pengadu]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};
if(isset($_POST['delete'])){
$DeleteQuery="DELETE FROM myaduan WHERE id='$_POST[hidden]'";
mysql_query($DeleteQuery,$con);
};
$sql="SELECT * FROM myaduan";
$myEdit=mysql_query($sql,$con);
echo "<table style=border:1px solid silver cellpadding=5px cellspacing=0px align=center border=0>
<tr>
<td colspan=4 style=background:0066FF; color:#FFFFFF; fontsize: 20px>UPDATE RECORD</td></tr>
<tr>
<td>ISBN</td>
<td>Title</td>
</tr>";
while($record = mysql_fetch_array($myEdit)){
echo "<form action=update.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=id value=".$record['id'] . " </td>";
echo "<td>" . "<input type=text name=nama_pengadu value=".$record['nama_pengadu']. " </td>";
echo "<td>". "<input type=hidden name=hidden value=".$record['id']. " </td>";
echo "<td>"."<input type=submit name=update value=update"." </td>";
echo "<td>"."<input type=submit name=delete value=delete"." </td>";
echo "</tr>";
echo"</form>";
}
echo"</table>";
mysql_close($con);
?>
First of all, you should stop using mysql_connect. It was deprecated; instead use another one such as PDO.
You can run a query to display all your users, then have two links in front of each one, like:
-User1 update *delete*
-User2 update *delete*
.
.
.
If you hit delete, you post all your info to your processing page and delete the user. If you hit update, you load a form into another div using jQuery/AJAX, or you redirect to another page with your form on it and you update your user info.
This way you'll have a cleaner, user-friendly area to do your thing.
